ListAnomalies
Returns a list of anomalies that log anomaly detectors have found. For details about the structure format of each anomaly object that is returned, see the example in this section.
Request Syntax
{
"anomalyDetectorArn": "string",
"limit": number,
"nextToken": "string",
"suppressionState": "string"
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- anomalyDetectorArn
-
Use this to optionally limit the results to only the anomalies found by a certain anomaly detector.
Type: String
Length Constraints: Minimum length of 1.
Pattern:
[\w#+=/:,.@-]*Required: No
- limit
-
The maximum number of items to return. If you don't specify a value, the default maximum value of 50 items is used.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 50.
Required: No
- nextToken
-
The token for the next set of items to return. The token expires after 24 hours.
Type: String
Length Constraints: Minimum length of 1.
Required: No
- suppressionState
-
You can specify this parameter if you want to the operation to return only anomalies that are currently either suppressed or unsuppressed.
Type: String
Valid Values:
SUPPRESSED | UNSUPPRESSEDRequired: No
Response Syntax
{
"anomalies": [
{
"active": boolean,
"anomalyDetectorArn": "string",
"anomalyId": "string",
"description": "string",
"firstSeen": number,
"histogram": {
"string" : number
},
"isPatternLevelSuppression": boolean,
"lastSeen": number,
"logGroupArnList": [ "string" ],
"logSamples": [
{
"message": "string",
"timestamp": number
}
],
"patternId": "string",
"patternRegex": "string",
"patternString": "string",
"patternTokens": [
{
"dynamicTokenPosition": number,
"enumerations": {
"string" : number
},
"inferredTokenName": "string",
"isDynamic": boolean,
"tokenString": "string"
}
],
"priority": "string",
"state": "string",
"suppressed": boolean,
"suppressedDate": number,
"suppressedUntil": number
}
],
"nextToken": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- anomalies
-
An array of structures, where each structure contains information about one anomaly that a log anomaly detector has found.
Type: Array of Anomaly objects
- nextToken
-
The token for the next set of items to return. The token expires after 24 hours.
Type: String
Length Constraints: Minimum length of 1.
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidParameterException
-
A parameter is specified incorrectly.
HTTP Status Code: 400
- OperationAbortedException
-
Multiple concurrent requests to update the same resource were in conflict.
HTTP Status Code: 400
- ResourceNotFoundException
-
The specified resource does not exist.
HTTP Status Code: 400
- ServiceUnavailableException
-
The service cannot complete the request.
HTTP Status Code: 500
Examples
To retrieve a list of anomalies found by logs anomaly detectors
This example illustrates one usage of ListAnomalies.
Sample Request
POST / HTTP/1.1
Host: logs.<region>.<domain>
X-Amz-Date: <DATE>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=content-type;date;host;user-agent;x-amz-date;x-amz-target;x-amzn-requestid, Signature=<Signature>
User-Agent: <UserAgentString>
Accept: application/json
Content-Type: application/x-amz-json-1.1
Content-Length: <PayloadSizeBytes>
Connection: Keep-Alive
X-Amz-Target: Logs_20140328.ListAnomalies
{
"anomalyDetectorArn": "arn:aws:logs:us-west-1:123456789012:anomaly-detector:EXAMPLE-1234-5678-abcd-111111111111",
"limit": 50,
}Sample Response
{
"anomalies": [
{
"active": false,
"anomalyDetectorArn": "arn:aws:logs:us-west-1:123456789012:anomaly-detector:EXAMPLE-1234-5678-abcd-111111111111",
"anomalyId": "EXAMPLE-529d-4e1e-bea9-123EXAMPLE",
"description": "Count of ErrorCode: 200 at token: 9 deviated expected by: 20.00%",
"firstSeen": 1698488280000,
"histogram": {
"1698487995000": 2,
"1698488285000": 4,
"1698488295000": 1,
"1698488300000": 1,
"1698488305000": 4
},
"isPatternLevelSuppression": false,
"lastSeen": 1698488580000,
"logGroupArnList": [
"arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/my-log-group-name"
],
"logSamples": [
{
"message": "2023-10-28T10:18:18.959Z\EXAMPLE-4e26-41d8-8b54-EXAMPLE\tINFO\tResponse: 200 https://global.console.aws.amazon.com/EXAMPLEURL",
"timestamp": 1698488298959
}
],
"patternId": "EXAMPLE86827f77073836412345678",
"patternRegex": ".*\\Q\t\\E.*\\Q\tINFO\tResponse: \\E.*\\Q https:\\E.*\\Q=\\E.*\\Q=\\E.*\\Q=\\E.*\\Q\n\\E",
"patternString": "<*>\t<*>\tINFO\tResponse: <*> https:<*>=<*>=<*>=<*>\n",
"patternTokens": [
{
"dynamicTokenPosition": 1,
"enumerations": {
"2023-10-28T10:18:08.420Z": 2,
"2023-10-28T10:18:18.959Z": 1,
"2023-10-28T10:18:20.260Z": 1,
"2023-10-28T10:18:25.440Z": 1,
"2023-10-28T10:18:27.508Z": 1
},
"isDynamic": true,
"tokenString": "<*>"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "\t"
},
{
"dynamicTokenPosition": 2,
"enumerations": {
"4766bcdd-4e26-41d8-8b54-fa0ae43f6201": 6
},
"isDynamic": true,
"tokenString": "<*>"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "\t"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "INFO"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "\t"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "Response"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": ":"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": " "
},
{
"dynamicTokenPosition": 3,
"enumerations": {
"200": 6
},
"isDynamic": true,
"tokenString": "<*>"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": " "
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "https"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": ":"
},
{
"dynamicTokenPosition": 4,
"enumerations": {
"//global.console.aws.amazon.com/EXAMPLEURL": 1,
"//prod.EXAMPLEURL2": 5
},
"isDynamic": true,
"tokenString": "<*>"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "="
},
{
"dynamicTokenPosition": 5,
"enumerations": {
"%40amzn%2Faws-ccx-regions-availability&majorVersion": 1,
"info&message": 5
},
"isDynamic": true,
"tokenString": "<*>"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "="
},
{
"dynamicTokenPosition": 6,
"enumerations": {
"1&versionId": 1,
"checkForCookieConsent&payload": 3,
"geolocationLatency&payload": 1,
"uiMounted&payload": 1
},
"isDynamic": true,
"tokenString": "<*>"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "="
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "\n"
}
],
"priority": "LOW",
"state": "Active",
"suppressed": false,
"suppressedDate": 0,
"suppressedUntil": 0
},
{
"active": false,
"anomalyDetectorArn": "arn:aws:logs:us-west-1:123456789012:anomaly-detector:EXAMPLE-1234-5678-abcd-111111111111",
"anomalyId": "EXAMPLE-09d4-4286-9cd3-EXAMPLE",
"description": "Count of ErrorCode: 200 at token: 9 deviated expected by: 95.12%",
"firstSeen": 1698392040000,
"histogram": {
"1698392035000": 17,
"1698392040000": 5
},
"isPatternLevelSuppression": true,
"lastSeen": 1698392340000,
"logGroupArnList": [
"arn:aws:logs:us-east-1:123456789012:log-group:another-log-group"
],
"logSamples": [
{
"message": "2023-10-27T07:33:56.178Z\tb3c81837-ead3-46ac-9334-68fa05453033\tINFO\tResponse: 200 https://EXAMPLE-URL-2",
"timestamp": 1698392036178
}
],
"patternId": "9f2e9e2844e41728651fb229351c90e0",
"patternRegex": ".*\\Q\t\\E.*\\Q\tINFO\tResponse: \\E.*\\Q https:\\E.*\\Q\n\\E",
"patternString": "<*>\t<*>\tINFO\tResponse: <*> https:<*>\n",
"patternTokens": [
{
"dynamicTokenPosition": 1,
"enumerations": {
"2023-10-27T07:33:56.238Z": 1,
"2023-10-27T07:33:56.253Z": 1,
"2023-10-27T07:33:56.274Z": 1,
"2023-10-27T07:33:56.295Z": 1,
"2023-10-27T07:34:01.929Z": 1
},
"isDynamic": true,
"tokenString": "<*>"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "\t"
},
{
"dynamicTokenPosition": 2,
"enumerations": {
"b3c81837-ead3-46ac-9334-68fa05453033": 22
},
"isDynamic": true,
"tokenString": "<*>"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "\t"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "INFO"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "\t"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "Response"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": ":"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": " "
},
{
"dynamicTokenPosition": 3,
"enumerations": {
"200": 22
},
"isDynamic": true,
"tokenString": "<*>"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": " "
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "https"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": ":"
},
{
"dynamicTokenPosition": 4,
"enumerations": {
"//EXAMPLE-URL-1": 12,
"//EXAMPLE-URL-2": 1,
"//EXAMPLE-URL-2": 6,
"//EXAMPLE-URL-3": 3
},
"isDynamic": true,
"tokenString": "<*>"
},
{
"dynamicTokenPosition": 0,
"enumerations": {},
"isDynamic": false,
"tokenString": "\n"
}
],
"priority": "LOW",
"state": "Active",
"suppressed": true,
"suppressedDate": 0,
"suppressedUntil": 1702393208766
},See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
